No changes are achieved even disabling that option: https://spoofer.caida.org/report.php?sessionid=1198480
For what is worth, another test with another portuguese ISP using the same "lan-style-first-hop":
Path 4 (to: 130.206.158.142)
192.168.10.1 0
10.240.192.1 0
* * * 0
195.8.30.241 8657
195.8.0.198 8657
195.8.0.198 8657
195.66.226.161 0
* * * 0
* * * 0
* * * 0
62.40.98.72 20965
83.97.88.130 21320
130.206.245.93 766
130.206.195.2 766
130.206.158.2 766
130.206.158.50 766
130.206.158.142 766
Using 10.240.192.1
as first-hop (but not as gateway!), passed 100% at these tests.The router is not running Openwrt, instead Opnsense. So, It seems the issue is with Openwrt+luci-app-bcp38 and not with this type of ISP first hops.
You need to monitor the output while trying to pass some traffic:
iptables-save -c -t filter | grep -i -e bcp -e drop -e reject
Identify the chains and rules with growing counters matching the restrictive target.
2 Likes